mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

efuse: use esp32 qemu target for a efuses example test. 

The efuses example test with secure boot v2 and flash encryption enabled can be run on the esp32 qemu image.
pull/11637/head
harshal.patil 2023-05-23 15:54:37 +05:30
rodzic 9da31ea373
commit 0b86bcd35f
6 zmienionych plików z 122 dodań i 4 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
.gitlab-ci.yml
Wyświetl plik

@ -66,7 +66,7 @@ variables:
ESP_ENV_IMAGE: "$CI_DOCKER_REGISTRY/esp-env-v5.2:1"
CLANG_STATIC_ANALYSIS_IMAGE: "${CI_DOCKER_REGISTRY}/clang-static-analysis-v5.2:1-1"
ESP_IDF_DOC_ENV_IMAGE: "$CI_DOCKER_REGISTRY/esp-idf-doc-env-v5.2:1-1"
QEMU_IMAGE: "${CI_DOCKER_REGISTRY}/qemu-v5.2:1-20220802"
QEMU_IMAGE: "${CI_DOCKER_REGISTRY}/qemu-v5.2:1-20230522"
TARGET_TEST_ENV_IMAGE: "$CI_DOCKER_REGISTRY/target-test-env-v5.2:1"
SONARQUBE_SCANNER_IMAGE: "${CI_DOCKER_REGISTRY}/sonarqube-scanner:3"

7
examples/system/efuse/main/Kconfig.projbuild 100644
Wyświetl plik

@ -0,0 +1,7 @@
menu "Example Configuration"
config EXAMPLE_TEST_RUN_USING_QEMU
bool "Run example test using Qemu"
help
Enabling this option emulates the example test under the QEMU environment.
endmenu

11
examples/system/efuse/main/efuse_main.c
Wyświetl plik

@ -78,7 +78,7 @@ static void read_efuse_fields(device_desc_t *desc)
}
#ifdef CONFIG_EFUSE_VIRTUAL
#if defined(CONFIG_EFUSE_VIRTUAL) || defined(CONFIG_EXAMPLE_TEST_RUN_USING_QEMU)
static void write_efuse_fields(device_desc_t *desc, esp_efuse_coding_scheme_t coding_scheme)
{
#if CONFIG_IDF_TARGET_ESP32
@ -104,7 +104,7 @@ static void write_efuse_fields(device_desc_t *desc, esp_efuse_coding_scheme_t co
ESP_ERROR_CHECK(esp_efuse_batch_write_commit());
}
}
#endif // CONFIG_EFUSE_VIRTUAL
#endif // defined(CONFIG_EFUSE_VIRTUAL) || defined(CONFIG_EXAMPLE_TEST_RUN_USING_QEMU)
static esp_efuse_coding_scheme_t get_coding_scheme(void)
@ -154,7 +154,10 @@ void app_main(void)
device_desc_t device_desc = { 0 };
read_efuse_fields(&device_desc);
#if !CONFIG_EXAMPLE_TEST_RUN_USING_QEMU
ESP_LOGW(TAG, "This example does not burn any efuse in reality only virtually");
#endif
#if CONFIG_IDF_TARGET_ESP32C2
if (esp_secure_boot_enabled() || esp_flash_encryption_enabled()) {
@ -165,8 +168,10 @@ void app_main(void)
}
#endif
#ifdef CONFIG_EFUSE_VIRTUAL
#if defined(CONFIG_EFUSE_VIRTUAL) || defined(CONFIG_EXAMPLE_TEST_RUN_USING_QEMU)
#if !CONFIG_EXAMPLE_TEST_RUN_USING_QEMU
ESP_LOGW(TAG, "Write operations in efuse fields are performed virtually");
#endif
if (device_desc.device_role == 0) {
device_desc.module_version = 1;
device_desc.device_role = 2;

84
examples/system/efuse/pytest_system_efuse_example.py
Wyświetl plik

@ -7,6 +7,7 @@ import os
import pytest
from pytest_embedded import Dut
from pytest_embedded_qemu.dut import QemuDut
@pytest.mark.generic
@ -845,6 +846,89 @@ def test_examples_efuse_with_virt_sb_v2_and_fe(dut: Dut) -> None:
dut.expect('example: Done')
@pytest.mark.esp32
@pytest.mark.host_test
@pytest.mark.qemu
@pytest.mark.parametrize('config', ['virt_sb_v2_and_fe.esp32.qemu',], indirect=True)
@pytest.mark.parametrize(
'qemu_extra_args',
[
f'-drive file={os.path.join(os.path.dirname(__file__), "test", "esp32eco3_efuses.bin")},if=none,format=raw,id=efuse '
'-global driver=nvram.esp32.efuse,property=drive,value=efuse '
'-global driver=timer.esp32.timg,property=wdt_disable,value=true',
],
indirect=True,
)
def test_examples_efuse_with_virt_sb_v2_and_fe_qemu(dut: QemuDut) -> None:
try:
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
dut.expect('secure_boot_v2: Signature verified successfully')
dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')
dut.expect('Writing EFUSE_BLK_KEY1 with purpose 3')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')
dut.expect('secure_boot_v2: blowing secure boot efuse...')
dut.expect('Disable JTAG...')
dut.expect('Disable ROM BASIC interpreter fallback...')
dut.expect('Disable ROM Download mode...')
dut.expect('secure_boot_v2: Secure boot permanently enabled')
dut.expect('Checking flash encryption...')
dut.expect('flash_encrypt: Generating new flash encryption key...')
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 2')
dut.expect('flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF')
dut.expect('flash_encrypt: Not disabling UART bootloader encryption')
dut.expect('flash_encrypt: Disable UART bootloader decryption...')
dut.expect('flash_encrypt: Disable UART bootloader MMU cache...')
dut.expect('flash_encrypt: Disable JTAG...')
dut.expect('flash_encrypt: Disable ROM BASIC interpreter fallback...')
dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('flash_encrypt: bootloader encrypted successfully')
dut.expect('flash_encrypt: partition table encrypted and loaded successfully')
dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('flash_encrypt: Flash encryption completed', timeout=120)
dut.expect('Resetting with flash encryption enabled...')
dut.expect('Verifying image signature...', timeout=180)
dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
dut.expect_exact('flash_encrypt: flash encryption is enabled (3 plaintext flashes left)')
dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
dut.expect('main_task: Calling app_main()')
dut.expect('Start eFuse example')
dut.expect('example: Flash Encryption is NOT in RELEASE mode')
dut.expect('example: Secure Boot is in RELEASE mode')
dut.expect('example: Done')
finally:
# the above example test burns the efuses, and hence the efuses file which the
# qemu uses to emulate the efuses, "test/esp32eco3_efuses.bin", gets modified.
# Thus, restore the efuses file values back to the default ESP32-ECO3 efuses values.
with open(os.path.join(os.path.dirname(__file__), 'test', 'esp32eco3_efuses.bin'), 'wb') as efuse_file:
esp32eco3_efuses = '0' * 26 + '8' + '0' * 17 + '1' + '0' * 203
efuse_file.write(bytearray.fromhex(esp32eco3_efuses))
@pytest.mark.esp32c3
@pytest.mark.esp32c2
@pytest.mark.esp32c6

22
examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32.qemu 100644
Wyświetl plik

@ -0,0 +1,22 @@
# FLASH_ENCRYPTION & SECURE_BOOT_V2 with target QEMU
CONFIG_IDF_TARGET="esp32"
CONFIG_EFUSE_VIRTUAL=n
# ESP32 supports SECURE_BOOT_V2 only in ECO3
CONFIG_ESP32_REV_MIN_3=y
CONFIG_ESP32_REV_MIN=3
CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
CONFIG_SECURE_DISABLE_ROM_DL_MODE=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_EXAMPLE_TEST_RUN_USING_QEMU=y
CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT=y

BIN
examples/system/efuse/test/esp32eco3_efuses.bin 100644
Wyświetl plik

Plik binarny nie jest wyświetlany.